What happens at AIIMS after sensitive Ransomware attack?
All India Institute of Medical Science (AIIMS), Delhi has been forced back in time after a cyber attack took all its servers offline. While it is unclear who is behind the attack, the Delhi Police refuted various reports claiming that hackers demanded a Rs. 200 crore crypto ransom to loosen the hold.
What went wrong at AIIMS?
On 23 November 2022, a breach was discovered in AIIMS’s internal systems. Not much later, the hospital’s digital patient management system was crippled. In a statement, AIIMS confirmed the hack, adding that data recovery is taking time due to the large number of servers used by the hospital that caters to 15 lakh inpatient and 80,000 outpatient cases every year.
Such data is extremely sensitive, for it includes the personal identification of all patients – their name, age, gender, address, telephone number, medical history. Hackers can easily post this sensitive information for sale on the Dark Web, if they haven’t already.
“Since AIIMS has reported that some of its files are encrypted, it is possible that it is a ransomware attack. There are a few ransomware groups that are actively targeting Indian entities and one of these groups could have targeted AIIMS,” said a representative of CloudSEK, a contextual AI company that predicts cyber threats.
Also read: Hackers demand Rs 200 crore in crypto from AIIMS Delhi as server remains down for 7th day
By 1 December 2022, AIIMS servers continued to be offline for patients. But the authorities said on Tuesday that the e-hospital data has been restored and they are now cleaning the servers before they become operational.
Far-reaching effects of this cyber attack
Have you wondered how this hack affects the general public? Besides the aforementioned threat of data leakage, the hack has caused a rush at AIIMS. According to a PTI report, long queues rocked AIIMS as its online appointment system remained offline.
The hospital had to deploy extra staff to help with the rush. All hospital services, including inpatient and outpatient departments and laboratories, continue to operate manually. Billing counters and diagnostic centers saw long queues after the server outage continued after a week.
On November 25, Delhi Police’s Intelligence Fusion and Strategic Operations Unit (IFSO) filed a case of extortion and cyber terrorism.
Also read: Server Vulnerability Lets Chinese Hackers Target India’s Energy Sector: Microsoft
AIIMS officials have reportedly roped in IT companies and bodies to investigate the ransomware attack. An AIIMS official told Mint that various agencies in talks with the hospital include the National Investigation Agency, India Computer Emergency Response Team (CERT-IN), Delhi Police, Defense Research and Development Organization, Intelligence Bureau, Central Bureau of Investigation, and the Ministry of Home Affairs .
Ransomware is a type of malware that blocks access to data or a computer system and threatens to publish it. Once hacked, this data is encrypted until the demands of the hackers are met.
What is happening at AIIMS now?
Now AIIMS has to go through every system on the network to make sure no malware is left. This is a lengthy process, and with a hack of this gravity, it could still take a long time for the servers to be back on.
Also read: Hackers just took down one of the world’s most advanced telescopes
Data of about 3-4 crore patients may have been leaked in this hack, PTI reported, adding that hackers held on to their Rs. 200 million demand.
Currently, internet services remain blocked at AIIMS. “AIIMS has around 40 physical and 100 virtual servers. Five have shown signs of virus infection. These servers are also being set up for scanning and new servers with updated configurations are being purchased as most of the servers at AIIMS were end of life/end of support.”, was a source quoted by PTI.
What can institutions do to avoid such attacks?
“Given the scale and importance of the healthcare sector, it is important for institutions, employees and healthcare professionals to ensure that the data they collect and store is not leaked or exploited by cybercriminals,” said a CloudSEK representative.
CloudSEK also listed precautions that healthcare organizations can take to prevent such attacks in the future:
- Create awareness among users about cyber attacks, cyber fraud and phishing campaigns
- Enforce strong password policies and enable multi-factor authentication (MFA)
- Updating and updating software, systems and networks regularly
- Maintain multiple backups – both online and offline in separate and secure locations
- Monitoring logs for unusual traffic and activity to websites and other applications
- Blocking illegitimate IP addresses and disabling port forwarding using network firewalls
- Perform real-time Internet monitoring to identify and mitigate low-level threats such as misconfigured apps, exposed data, and leaked access that are exploited by cybercriminals to carry out large-scale attacks
- Avoid clicking on suspicious emails, messages and links
- Refrain from downloading or installing unverified apps
- Use strong passwords and enable multi-factor authentication (MFA) across accounts
What do you think about the sensitive hack that has rocked AIIMS? Let us know in the comments below. For more in the world of technology and scienceContinue reading Indiatimes.com.
Tribune news service. (2022, November 30). AIIMS-Delhi servers remain down on 8th day; 20 percent increase in walk-in OPD patients. Tribuneindia news service. https://www.tribuneindia.com/news/delhi/aiims-delhi-servers-remain-down-for-8th-day-20-per-cent-rise-in-walk-in-opd-patients-456323
Thathoo, C. (2022, November 29). Hackers Demand INR 200 Cr Crypto Ransom From AIIMS, Delhi Police Rebut Claim. Inc42 Media. https://inc42.com/buzz/aiims-delhi-servers-down-for-sixth-day-hackers-demand-inr-200-cr-in-crypto/
Edit, T. (2022, November 29). Held to ransom: The healthcare sector is a sitting duck for cybercriminals. AIIMS and other hospitals must support. The Times of India Blog. https://timesofindia.indiatimes.com/blogs/toi-editorials/held-to-ransom-healthcare-sector-is-a-sitting-duck-to-cybercriminals-aiims-and-other-hospitals-must-shore- up security systems/
Team, WBS (2022, December 1). AIIMS reaches out to IT companies to investigate ransomware attacks: Report. www.business-standard.com. https://www.business-standard.com/article/current-affairs/aiims-reaches-out-to-it-firms-to-probe-the-ransomware-attack-report-122120100487_1.html
Banerjee, P. (2022, December 1). How did hackers let AIIMS so much? | Mint. Mint.